GDPR Compliance

Disclaimer: This blog has been created for bloggers and site owners to understand GDPR easily. We are not lawyers and we take no responsibility for the advice provided. It is entirely your responsibility to be aware and fully compliant with regulations.

What is GDPR

GDPR stands for General Data Protection Regulation. GDPR is a data protection law that governs how companies operating in Europe handle the personal information of customers. GDPR comes into effect across the European Union on 25th May 2018 and impacts many businesses that operate directly or indirectly in the EU. Companies providing services in the EU without GDPR compliance are liable to fines. The maximum fine for non-compliance is 20 million Euro or 4% of the company's annual revenue.

User’s Rights under GDPR

GDPR states that if a website collects or stores data relating to an EU citizen, then the website must comply with the following rules:

Consent

Companies must get clear consent from users before collecting their data.

Communication

Users must be informed what data the website is collecting and storing, and how long it will be stored.

Access and Portability

Users must have access to edit/delete their data.

Warnings

Users must be informed if data breaches occur.

Marketing

Give people the right to opt out of direct marketing that uses their data.

Children’s data

If you are collecting data from children under 16, then you must get parental consent.

Companies under GDPR

Under GDPR, companies are broadly classified as follows:

Data controllers: companies that determine the purposes and means of the processing of personal data. Here, you (the site owner) are the data controller.

Data processors: companies that process personal data on behalf of, and on the instructions of, the controller. Here, companies like NotifyVisitors are data processors.

Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if it has no business presence within the EU. The specific criteria for companies required to comply are:

A presence in an EU country.

No presence in the EU, but the company processes the personal data of European residents.

More than 250 employees.

Fewer than 250 employees, but the company's data processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data.

The cost of non-compliance

The maximum fine for non-compliance with GDPR is 20 million Euro or 4% of annual revenue.

According to the European Commission, the process for non-compliance is as follows:

If your website is not fully compliant with GDPR, the first stage of the process is a “warning”, followed by the steps shown in the image above.

Rizwan Ali Khan

Rizwan Ali Khan, the Product Manager at NotifyVisitors, is a tech geek, UI/UX designer and creative writer who likes to learn about new technologies in his free time.